This website uses cookies for functionality and allow us to analyse the use of the site. To opt out please view our cookie policy .If you continue to browse the site, we'll assume you agree to the use of cookies.

The impact of GDPR on Charities

The scrutiny of Facebook has ensured that data has recently become front-page news, but change is already on the way.

On May 25 data protection rules across Europe, which are 20 years old and seen as not fit for purpose, will be tightened up under the EU GDPR (General Data Protection Regulation).

It will change how customer information must be handled by businesses, public sector organisations – and charities.

Personal data definitions are largely the same as those within current protection laws and can relate to information that is collected through automated processes. Under GDPR they are extended to cover pseudonymised information.

There are also 99 articles setting out the rights of individuals and the obligations on organisations, including allowing people to have easier access to the data held on them, a new fines regime, and a clear responsibility for organisations to obtain the consent of people they collect information about.

So all who handle personal data need to be aware of the new rules and what it means for the data they hold.

Charity trustees as volunteers need to be both guided by their charity officers, as to the details of their responsibilities, but also oversee their officers to ensure they have good practices and systems organised.

It will be important to keep in mind what the new regime means for any data received by the charity, whether by e-mail, post, or in accompanying documents.
This could include details on:

Employees and volunteers

Applicants for jobs

Appointments of trustees

Supporters and fundraising

Applicants for grants if it is a grant-making charity

Recipients of charity benefits, including health information

Suppliers of goods and services to the charity.

Trustees will have to understand what is “sensitive data”, which will apply to many charities, particularly those dealing with children or medical conditions.

It will be important to be clear about the charity’s arrangements for processing and storing, both manual and electronic records, keeping them for no longer than needed, and destroying all personal data when no longer needed.

All this underlines how culturally, while data may in the past have been a fringe issue for IT or legal advice, it is now centre stage and a mainstream issue for how charities are run.

Advisers should check the protection of trustees, and their insurance, in the event of fines from the Information Commissioner’s Office (ICO) or compensation claims by individuals.

Once the charity’s policies and procedures are clearly established, the next step is to ensure they are kept under review.

Finally, trustees and officers should be fully aware of the need for new staff and volunteers to be made aware of the details of these policies and procedures..

Our Social Channels

We've Moved

Thomas Eggar is now Irwin Mitchell.
We have changed our name but we will continue to provide the highest standard of service to businesses and individuals delivered by the same people.
For more information about the merger, please visit the About Us page.